

PTO/SB/05 (4/98)
Approved for use through 09/30/2000. OMB 0651-0032
Patent and Trademark Office: U.S. DEPARTMENT OF COMMERCE Please type a plus sign (+) inside this box -> + collection of information unless it displays Under the Paperwork Reduction Act of 1995, no persons are required to respond to a valid OMB control number Attorney Docket No. T2147-906625 UTILITY First Inventor or Application Identifier Patrick LE QUERE PATENT APPLICATION TRANSMITTAL Express Mail Label No. Algorithms... Only for new nonprovisional applications under 37 C.F.R. § 1.53(b) Assistant Commissioner for Patents APPLICATION ELEMENTS ADDRESS TO: **Box Patent Application** See MPEP chapter 600 concerning utility patent application contents Washington, DC 20231 \* Fee Transmittal Form (e.g., PTO/SB/17) 5. Microfiche Computer Program (Appendix) (Submit an original and a duplicate for fee processing) 6. Nucleotide and/or Amino Acid Sequence Submission Specification [Total Pages 11 Х (if applicable, all necessary) (preferred arrangement set forth below) Computer Readable Copy · Descriptive title of the Invention - Cross References to Related Applications b. Paper Copy (identical to computer copy) - Statement Regarding Fed sponsored R & D Statement verifying identity of above copies C. - Reference to Microfiche Appendix - Background of the Invention **ACCOMPANYING APPLICATION PARTS** - Brief Summary of the Invention х Assignment Papers (cover sheet & document(s)) - Brief Description of the Drawings (if filed) 37 C.F.R.§3,73(b) Statement - Detailed Description (when there is an assignee) Attorney - Claim(s) 9. English Translation Document (if applicable) - Abstract of the Disclosure Information Disclosure Copies of IDS Drawing(s) (35 U.S.C. 113) (formal) [Total Sheets 1 Statement (IDS)/PTO-1449 X Citations Preliminary Amendment Oath or Declaration [Total Pages Newly executed (original or copy) Return Receipt Postcard (MPEP 503) (Should be specifically itemized) Copy from a prior application (37 C.F.R. § 1.63(d)) Small Entity Statement filed in prior application, (for continuation/divisional with Box 16 completed) Statement(s) Status still proper and desired DELETION OF INVENTOR(S) (PTO/SB/09-12) Certified Copy of Priority Document(s) Signed statement attached deleting (if foreign priority is claimed) inventor(s) named in the prior application, see 37 C.F.R. §§ 1.63(d)(2) and 1.33(b). Other: Verification of Translator NOTE FOR ITEMS 1 & 13: IN ORDER TO BE ENTITLED TO PAY SMALL ENTITY FEES, A SMALL ENTITY STATEMENT IS REQUIRED (37 C.F.R. § 1.27), EXCEPT IF ONE FILED IN A PRIOR APPLICATION IS RELIED UPON 137 C.F.R. § 1.28). Claim for Priority Change of Address 16. If a CONTINUING APPLICATION, check appropriate box, and supply the requisite information below and in a preliminary amendment: Continuation-in-part (CIP) Divisional of prior application No: Prior application information: Examiner Group / Art Unit: For CONTINUATION or DIVISIONAL APPS only .: The entire disclosure of the prior application, from which an oath or declaration is supplied under Box 4b, is considered a part of the disclosure of the accompanying continuation or divisional application and is hereby i incorporated by reference. The incorporation can only be relied upon when a portion has been inadvertently omitted from the submitted application parts. 17. CORRESPONDENCE ADDRESS or X Correspondence address below Customer Number or Bar Code Label (Insert Customer No. or Attach bar code label here) Edward J. Kondracki Name MILES & STOCKBRIDGE P.C.

|     | Signature | ,         | Edward 1 L  | metracko  |                              | Date   | Nov. 7, 2000 |   |
|-----|-----------|-----------|-------------|-----------|------------------------------|--------|--------------|---|
|     | Name (P   | nnt/Type) | Edward J. K | ondracki  | Registration No. (Attorney/) | Agent) | 20,604       | = |
| Cou | intry     | U.S.      |             | Telephone | 703/903~9000                 | Fax    | /03/610-8686 |   |

VA

703/903-9000

22102-3833

703/610-8686

Zip Code

Fax

Suite 500

State

1751 Pinnacle Drive -

McLean

U.S.

Address

City

Burden Hour Statement: This form is estimated to take 0.2 hours to complete. Time will vary depending upon the needs of the in-dividual case. Any comments on the amount of time you are required to complete this form should be sent to the Chief Information Officer, Patent a nd Trademark Office, Washington, DC 20231. DO NOT SEND FEES OR COMPLETED FORMS TO THIS ADDRESS. SEND TO. Assistant Commissioner for Patents, Box Patent Application, Washington, DC 20231

| Under the Paperwork Reduction Act of 1995, no persons are                                              | required to | respond           | US<br>I to a c | Pate:      | nt and Tra         | Approved for use through 10/31/2002. (<br>ademark Office, U.S. DEPARTMENT C | OF COMMERCE |
|--------------------------------------------------------------------------------------------------------|-------------|-------------------|----------------|------------|--------------------|-----------------------------------------------------------------------------|-------------|
|                                                                                                        |             |                   |                |            |                    | mplete if Known                                                             |             |
| FEE TRANSMITT                                                                                          | AL          | Арр               | licatio        | n Nur      | nber               |                                                                             |             |
| for FY 2001                                                                                            |             | Filin             | g Date         | 9          |                    | November 7, 2000                                                            |             |
| 101 11 2001                                                                                            |             | First             | Nam            | ed in      | ventor             | Patrick LE OUERE                                                            |             |
| Patent fees are subject to annual revision.                                                            |             | Exa               | miner          | Nam        | е                  |                                                                             | ···         |
|                                                                                                        |             | Grou              | ıp Art         | Unit       |                    |                                                                             |             |
| TOTAL AMOUNT OF PAYMENT (\$) 750.0                                                                     | 0           | Attor             | ney [          | ocke       | t No.              | T2147-906625                                                                |             |
| METHOD OF PAYMENT                                                                                      |             |                   |                | F          | EE CA              | LCULATION (continued)                                                       |             |
| 1. X The Commissioner is hereby authorized to charge                                                   | 3. /        | ADDIT             | ION/           |            |                    |                                                                             | -           |
| indicated fees and credit any overpayments to Deposit                                                  | Lar<br>Fe   | ge Entit<br>e Fee | ySma<br>Fee    | II Enti    |                    | For December                                                                |             |
| Account Number 501165                                                                                  | Co          | de (\$)           | Code           | e (\$)     |                    | Fee Description                                                             | Fee Paid    |
| Deposit                                                                                                | 109         | 5 130             | 205            | 65         | Surcha             | rge - late filing fee or oath                                               |             |
| Account Name MILES & STOCKBRIDGE P.C.                                                                  | 121         | 7 50              | 227            | 25         | Surchai<br>cover s | ge - late provisional filing fee or<br>heet                                 |             |
| X Charge Any Additional Fee Required Under 37 CFR 1.16 and 1.17                                        | 139         | 9 130             | 139            | 130        | Non-En             | glish specification                                                         |             |
| Applicant claims small entity status.                                                                  | 147         | 7 2,520           | 147            | 2,520      | For film           | g a request for ex parte reexamination                                      |             |
| See 37 CFR 1 27                                                                                        | 112         | 920*              | 112            | 920*       | Reques             | iting publication of SIR prior to er action                                 | 1           |
| 2. Payment Enclosed:  Check Credit card Money Otto                                                     | er 113      | 3 1,840*          | 113            | 1,840      | * Reques           | er action string publication of SIR after er action                         |             |
| FEE CALCULATION                                                                                        | 115         | 5 110             | 215            | 55         |                    | on for reply within first month                                             |             |
|                                                                                                        | 116         |                   |                | 195        |                    | on for reply within second month                                            |             |
| 1. BASIC FILING FEE Large Entity Small Entity                                                          | 117         | 890               | 217            | 445        | Extensi            | on for reply within third month                                             |             |
| Fee Fee Fee Fee Description                                                                            | 118         | 1,390             | 218            | 695        | Extensi            | on for reply within fourth month                                            |             |
| 404 740 004 055 11111 51 15                                                                            |             | 1,890             | 228            | 945        | Extensi            | on for reply within fifth month                                             |             |
| 106 320 206 160 Design filing fee                                                                      | 119         | 310               | 219            | 155        | Notice of          | of Appeal                                                                   |             |
| 107 490 207 245 Plant filing fee                                                                       | 120         | 310               | 220            | 155        | Filing a           | brief in support of an appeal                                               |             |
| 108 710 208 355 Reissue filing fee                                                                     | 121         |                   |                | 135        | Reques             | t for oral hearing                                                          |             |
| 114 150 214 75 Provisional filing fee                                                                  |             |                   | 138 1          |            |                    | to institute a public use proceeding                                        |             |
| SUBTOTAL (1) (\$) 710.0                                                                                | 140         |                   | 240            | 55         |                    | to revive - unavoidable                                                     |             |
| 2. EXTRA CLAIM FEES                                                                                    |             | 1,240             |                | 620        |                    | to revive - unintentional                                                   |             |
| Fee from _                                                                                             | 1/2         |                   |                | 620<br>220 |                    | sue fee (or reissue)<br>ssue fee                                            |             |
| Total Claims Delow Fee  Total Claims Delow Fee                                                         | 144         |                   |                | 300        | Plant iss          | t t                                                                         |             |
| Independent Claims 1 - 3** = 0 x =                                                                     | 122         | 130               | 122            | 130        | Petitions          | s to the Commissioner                                                       |             |
| Multiple Dependent =                                                                                   | 123         | 50                | 123            | 50         | Petitions          | related to provisional applications                                         |             |
|                                                                                                        | 126         | 240               | 126            | 240        | Submiss            | sion of Information Disclosure Stmt                                         |             |
| Large Entity Small Entity Fee Fee Fee Fee Description Code (\$) Code (\$)                              | 581         | 40                | 581            | 40         |                    | ng each patent assignment per (times number of properties)                  | 40          |
| 103 18 203 9 Claims in excess of 20                                                                    | 146         | 710               | 246            | 355        |                    | submission after final rejection                                            |             |
| 102 80 202 40 Independent claims in excess of 3<br>104 270 204 135 Multiple dependent claim, if not pa | 149         | 710               | 249            | 355        | For each           | h additional invention to be<br>ed (37 CFR § 1 129(b))                      |             |
| 109 80 209 40 ** Reissue independent claims over original patent                                       | 179         | 710               | 279            | 355        |                    | t for Continued Examination (RCE)                                           |             |
| 110 18 210 9 ** Reissue claims in excess of 20 and over original patent                                | 169         | 900               | 169            | 900        |                    | for expedited examination                                                   |             |
| SUBTOTAL (2) (\$)                                                                                      | Othe        | r fee (sp         | ecify)         |            |                    |                                                                             |             |
| **or number previously paid, if greater, For Reissues, see above                                       | Redu        | ced by            | Basic F        | -iling F   | ee Paid            | SUBTOTAL (3) (\$)40.                                                        | 00          |
|                                                                                                        | ē           |                   |                |            |                    | 1                                                                           |             |
| SUBMITTED BY                                                                                           |             |                   |                |            |                    | Complete (if applicable)                                                    |             |

SUBMITTED BY

Name (PrintiType)

Edward J. Kondracki

Signature

Complete (if applicable)

Telephone

703/903–9000

Date

Nov. 7, 2000

WARNING: Information on this form may become public. Credit card information should not be included on this form. Provide credit card information and authorization on PTO-2038.

Docket: T2147-906625

#### IN THE UNITED STATES PATENT AND TRADEMARK OFFICE

In re application of

Patrick LEQUERE

: Examiner:

Group Art Unit:

Serial No.:

Filed: Concurrently Herewith

For: Architecture of an encryption Circuit

Implementing Various Types of Encryption Algorithms Simultaneously:

Without a Loss of Performance : McLean, Virginia

November 7, 2000

## PRELIMINARY AMENDMENT

**Assistant Commissioner for Patents** Washington, D.C. 20231

Sir:

Please amend the subject application, filed concurrently herewith, as indicated below:

## **IN THE SPECIFICATION:**

On page 1, after the title and before the first paragraph on page 1, insert the following heading at the left-hand margin: -- Field of the Invention--;

Page 1, after line 12, before the paragraph "The increased need..." insert the following heading at the left-hand margin: -- Description of Related Art--;

Page 1, after line 22, before the paragraph "The object of the..." insert the following heading at the left-hand margin: -- Summary of the Invention--;

Page 1, line 27, after "host" insert --computer--;

Line 27, delete "by a computing machine".

Page 2, line 3, before "making" insert --for--;

2

3

4

5

6

7

8

Page 2, line 4, after "and" insert --for--;

Page 2, after line 22, and before "Other advantages and ...." insert the following heading at the left-hand margin: --Brief Description of the Drawings--;

Page 2, after line 25, and before "For simplicity's sake,..." insert the following heading at the left-hand margin: -- <u>Description of the Preferred</u>

## Embodiments--;

Page 7, after line 14, insert the following new paragraph:

--While this invention has been described in conjunction with specific embodiments thereof, it is evident that many alternatives, modifications and variations will be apparent to those skilled in the art. Accordingly, the preferred embodiments of the invention as set forth herein, are intended to be illustrative, not limiting.

Various changes may be made without departing from the true spirit and full scope of the invention as set forth herein and defined in the claims.--

## IN THE CLAIMS:

Please cancel Claims 1-13 in their entirety and without prejudice.

Please substitute the following claims.

- 15. An encryption circuit (1) for simultaneously processing various encryption algorithms, the circuit adapted to be coupled with a host computer system (HS), characterized in that the circuit comprises:
- an input/output module (2), for handling data exchanges between the host system (HS) and the circuit (1) via a dedicated bus (PCI),
- an encryption module (3) coupled with the input/output module (2) said encryption module controlling encryption and decryption operations, as well as storage of all sensitive information (1) of the circuit; and

| - isolation means (4) between the input/output module (2) and the encryption            |
|-----------------------------------------------------------------------------------------|
| module (3), for making the sensitive information stored in the encryption module (3)    |
| inaccessible to the host system (HS) and for ensuring the parallelism of the operations |
| performed by the input/output module (2) and the encryption module (3).                 |

- 16. An encryption circuit according to claim 15, characterized in that the isolation means (4) of the circuit (1) comprises a double-port memory (4).
- 17. An encryption circuit according to claim 15 wherein this isolation means (4) comprises a double port memory coupled between the input/output module (2) and the encryption module (3), the dual-port memory (4) being coupled to a first bus and adapted to simultaneously handle the exchange of data, commands and statuses between the input/output and encryption modules (2 and 3), and isolation between the two modules (2 and 3).
- 18. An encryption circuit is set forth in claim 15, characterized in that the encryption module (3) comprises:
- a first encryption sub-module (3<sub>1</sub>), dedicated to the processing of symmetric encryption algorithms, and being coupled with the first bus of the dual port memory (4);
- a second encryption sub-module (3<sub>2</sub>), dedicated to the processing of asymmetric encryption algorithms (40) and being coupled with the first bus of the dual-port memory (4) and including a separate internal second bus isolated from the first bus of the dual-port memory (4); and

| 10 | - a CMOS memory (11) coupled with the dual-port memory (4) via the first                    |
|----|---------------------------------------------------------------------------------------------|
| 11 | bus of the dual-port memory containing the encryption keys.                                 |
| 1  | 19. An encryption circuit as set forth in claim 16, characterized in that the               |
| 2  | encryption modules (3) comprises:                                                           |
| 3  | - a first encryption sub-module (3 <sub>1</sub> ), dedicated to the processing of symmetric |
| 4  | encryption algorithms, and being coupled with the first bus of the dual port memory         |
| 5  | (4);                                                                                        |
| 6  | - a second encryption sub-module (3 <sub>2</sub> ), dedicated to the processing of          |
| 7  | asymmetric encryption algorithms (40) and being coupled with the first bus of the           |
| 8  | dual-port memory (4) and including a separate internal second bus isolated from the         |
| 9  | first bus of the dual-port memory (4); and                                                  |
| 10 | - a CMOS memory (11) coupled with the dual-port memory (4) via the first                    |
| 11 | bus of the dual-port memory containing the encryption keys.                                 |
|    |                                                                                             |
| 1  | 20. An encryption circuit as set forth in claim 17, characterized in that the               |
| 2  | encryption module (3) comprises:                                                            |
| 3  | - a first encryption sub-module (3 <sub>1</sub> ), dedicated to the processing of symmetric |
| 4  | encryption algorithms, and being coupled with the first bus of the dual port memory         |
| 5  | (4);                                                                                        |
| 6  | - a second encryption sub-module (3 <sub>2</sub> ), dedicated to the processing of          |
| 7  | asymmetric encryption algorithms (40) and being coupled with the first bus of the           |
| 8  | dual-port memory (4) and including a separate internal second bus isolated from the         |
| 9  | first bus of the dual-port memory (4); and                                                  |
| 10 | - a CMOS memory (11) coupled with the dual-port memory (4) via the first                    |
| 11 | bus of the dual-port memory containing the encryption keys.                                 |

| • 21. an encryption circuit according to claim 18, characterized in that the first             |
|------------------------------------------------------------------------------------------------|
| encryption sub-module (3 <sub>1</sub> ) comprises an encryption component (9) coupled with the |
| dual-port memory (4) via the first bus of the memory (4), comprising various                   |
| encryption automata, respectively dedicated to the processing of symmetric                     |
| encryption algorithms, and in that the second encryption sub-module (32) comprises at          |
| least two encryption processors (101 and 102), respectively dedicated tot he processing        |
| of asymmetric encryption algorithms, coupled with the encryption module (9) via the            |
| internal second bus of the second sub-module $(3_2)$ and a bus isolator $(14)$ for isolating   |
| the second bus from the first bus of the dual port memory.                                     |

- 22. An encryption circuit according to claim 21, characterized in that the encryption processors ( $10_1$  and  $10_2$ ) of the encryption module (30 are of the CIP type.
- 23. An encryption circuit according to claim 21, characterized in that one  $(10_1)$  of the two encryption processors  $(10_1$  and  $10_2)$  is of the CIP type, and in that the other  $(10_2)$  of the two encryption processors is of the ACE type.
- 24. An encryption circuit according to claim 21, characterized in that one of the two encryption processor (10<sub>2</sub>) is of the ACE type comprising a field programmable gate array (FPGA).
- 25. An encryption circuit according to claim 24, characterized in that the encryption component (9) is of the SCE type.

| 1  | ' 26. An encryption circuit according to claim 25, characterized in that the               |
|----|--------------------------------------------------------------------------------------------|
| 2  | encryption component (9) comprises a field programmable array (FPGA).                      |
|    |                                                                                            |
| 1  | 27. An encryption circuit according to claim 26, characterized in that the                 |
| 2  | second encryption sub-module (3 <sub>2</sub> ) comprises a flash memory PROM (12) and an   |
| 3  | SRAM memory (13) coupled with the second internal bus of the sub-module (3 <sub>2</sub> ). |
|    |                                                                                            |
| 1  | 28. An encryption circuit according to claim 21, further comprising a CMOS                 |
| 2  | memory (11) containing security keys and security mechanisms (15) adapted to               |
| 3  | trigger a reset mechanism of the CMOS memory (11) in case of an alarm.                     |
|    |                                                                                            |
| 1  | 29. an encryption circuit according to claim 15 characterized in that the                  |
| 2  | input/output module (2) comprises:                                                         |
| 3  | - a microcontroller (6) having an input/output processor (6 <sub>1</sub> ) and a PCI       |
| 4  | interface (62) integrating DMA channels responsible for executing the data transfers       |
| 5  | between the host system (HS) and the circuit (1);                                          |
| 6  | - a flash memory (7) containing the code of the input/output processor $(6_1)$ and         |
| 7  | a PCI interface (62) integrating DMA channels responsible for executing the data           |
| 8  | transfers between the host system (HS) and the circuit (1);                                |
| 9  | - a flash memory (7) containing the code of the input/output processor (6 <sub>1</sub> );  |
| 10 | and                                                                                        |
| 11 | - an SRAM memory (8) that receives a copy of the contents of the flash                     |

memory (7) upon startup of the input/output processor  $(6_1)$ .

1

2

1

2

1

2

| 1 | 30. An encryption circuit according to claim 15 comprising a serial link (SL)           |
|---|-----------------------------------------------------------------------------------------|
| 2 | connected to input basic keys through a secure path independent of the dedicated PCI    |
| 3 | bus, said link adapted to be controlled by the encryption module (3).                   |
| 1 | 31. An encryption circuit according to claim 30, characterized in that the              |
| 2 | serial link (SL) allows downloading of proprietary algorithms into the first encryption |

- 32. An encryption circuit as set forth in claim 15 further including a card supporting the circuit.
- 33. An encryption circuit as set forth in claim 18 further including a card supporting the circuit.
- 34. An encryption circuit as set forth in claim 21 further including a card supporting the circuit

## **IN THE ABSTRACT:**

sub-module  $(3_1)$ .

Delete the present Abstract in its entirety and replace with the one attached hereto as Attachment A.

## **REMARKS**

This Preliminary Amendment is made to eliminate informalities in the specification, claims and abstract resulting from a literal translation of the French text, to eliminate the use of multiple dependent claims, and to insert headings to conform the application to U.S. practice.

The present application is believed to be in condition for examination, which action is earnestly solicited.

Respectfully,

MILES & STOCKBRIDGE P.C.

Edward J. Kondracki Reg. No. 20,604

1751 Pinnacle Drive, Suite 500 McLean VA 22102-3833 Telephone: (703) 618-8627 #9124104 v1

10

## **ABSTRACT**

An encryption circuit (1) for simultaneously processing various encryption algorithms, the circuit being capable of being coupled with a host system (HS) hosted by a computing machine. The circuit (1) comprises an input/output module (2), responsible for the data exchanges between the host system (HS) and the circuit via a dedicated bus (PCI), an encryption module (3) coupled with the input/output module (2), in charge of the encryption and decryption operations as well as the storage of all of the circuit's sensitive information; and isolation means (4) between the input/output module (2) and the encryption module (3), making the sensitive information stored in the encryption module (3) inaccessible to the host system (HS), and ensuring the parallelism of the operations performed by the input/output module (2) and the encryption module (3). The circuit is supported on a peripheral component interconnect (PCI) card. The circuit is specifically adapted to provide "hardware" protection of computer servers or stations.

Attachment A to Preliminary Amendment filed November 7, 2000 in the name of LeQuere

25

30

5

# ARCHITECTURE OF AN ENCRYPTION CIRCUIT IMPLEMENTING VARIOUS TYPES OF ENCRYPTION ALGORITHMS SIMULTANEOUSLY WITHOUT A LOSS OF PERFORMANCE

The present invention applies to the field of encryption, and more particularly, relates to an architecture of an encryption circuit implementing various types of encryption algorithms simultaneously.

This architecture is embodied by a circuit supported by a PCI (Peripheral Component Interconnect) card, and makes it possible to implement various encryption algorithms in parallel, without a loss of performance in a machine (server or station). It also plays the role of a vault in which the secret elements (keys and certificates) required for any electronic encryption function are stored.

The increased need for performance in cryptography, combined with the need for inviolability has led the manufacturers of security systems to favor hardware solutions in the form of additional cards.

Such a card, coupled with a server, constitutes the hardware security element of the server.

There are known implementations of security architectures based on ASIC (Application Specific Integrated Circuit) components, which entail high development costs for a solution that remains inflexible, both on the manufacturer end and on the user end.

Furthermore, there is no architecture existing today that is capable of executing a set of algorithms simultaneously with a guaranteed throughput for each of them.

The object of the invention is specifically to eliminate the aforementioned drawbacks and to meet the market's new demands for security.

To this end, the subject of the invention is an architecture of an encryption circuit simultaneously processing various encryption algorithms, the circuit being capable of being coupled with a host system hosted by a computing machine.

According to the invention, the circuit comprises:

- an input/output module responsible for the data exchanges between the host system and the circuit via a PCI bus;

25

5

- isolation means between the input/output module and the encryption module, making the sensitive information stored in the encryption module inaccessible to the host system, and ensuring the parallelism of the operations performed by the input/output module and the encryption module.

The first advantage of the invention is that it allows fast execution of the principal encryption algorithms with two levels of parallelism, a first parallelism of the operations performed by the input/output module and the encryption module, and a second parallelism in the execution of the various encryption algorithms.

Another advantage of the invention is to make invisible to the host system all of the encryption resources made available to the system, and to provide protected storage for secrets such as keys and certificates. The sensitive functions of the card (algorithms and keys) are all located inside the encryption module and are inaccessible from the PCI bus.

The invention also has the advantage of enabling hardware and software implementations of various encryption algorithms to coexist without a loss of performance, while guaranteeing the throughputs of each of them.

It has the further advantage of being scalable by a choice of standard microprocessor and programmable logic technologies, as opposed to more conventional implementations based on specific circuits (ASIC). The invention makes it possible, in particular, to implement proprietary algorithms simply by modifying the code of the encryption processors or by loading a new configuration file for the encryption automata of the encryption module.

Other advantages and characteristics of the present invention will emerge through the reading of the following description, given in reference to the attached figure, which represents a block diagram of an architecture according to the invention.

For simplicity's sake, the encryption/decryption module will hereinafter be called the "encryption module."

The links between each module are all two-way links unless indicated.

The encryption circuit 1 according to the invention hinges on two main modules:

25

5

- an input/output module 2 responsible for the data exchanges between the encryption resources and a host system HS via a PCI bus; and
- an encryption module 3 in charge of the encryption and decryption operations as well as the storage of the secrets.

These two modules 2 and 3, respectively delimited by an enclosing dot-and-dash line, dialogue via a dual-port memory DPR 4 that allows the exchange of data and commands/statuses between the two modules 2 and 3.

A serial link SL controlled by the encryption module 3 also makes it possible to input the basic keys through a secure path SP independent of the normal functional path (PCI bus), thus meeting the requirement imposed by the FIPS140 standard.

This link SL is connected to the card 1 via a module EPLD 5, or "Erasable Programmable Logic Device," coupled between the input/output module 2 and the encryption module 3, that ensures logical consistency between the modules.

The input/output module 2 includes the following elements:

- a microcontroller IOP 6 primarily constituted by a processor 6<sub>1</sub> and by a PCI interface 6<sub>2</sub>, integrating DMA (Direct Memory Access) channels. These are channels that are specific, or dedicated, to the processor, through which the data exchanged between the memories passes, and which are coupled with the processor without using the resources of the processor;
- a flash memory 7, which is a memory that saves the stored data without a power source and whose storage capacity is for example 512 kilobytes; and
- an SRAM memory 8, from the abbreviation for "Static Random Access Memory" which is a memory that requires a power source in order to save the data stored in the memory, and whose storage capacity is for example 2 Megabytes.

The data transfers between the encryption module 3 and the host system HS take place simultaneously with the encryption operations performed by the encryption module 3, thus making it possible to optimize the overall performance of the card 1.

The flash memory 7 contains the code of the processor of the microcontroller IOP 6.

At startup, the processor copies the contents of the flash memory 7 into the SRAM memory 8; the code being executed in this memory for better performance.

25

5

The SRAM memory 8 could also be replaced by an SDRAM (Synchronous Dynamic RAM) memory, which is a fast dynamic memory.

The microcontroller IOP 6 is capable of managing this type of memory without a loss of performance.

The choice of the microcontroller depends primarily on the desired performance objectives as well as the total power consumption of the card supporting the circuit, which is generally limited to 25 W (PCI specification).

The dual-port memory DPR 4 provides the isolation between the input/output module 2 and the encryption module 3, thus making the latter inaccessible to the host system HS.

Its storage capacity in the example described is 64 kilobytes. It temporarily stores the data that is to be encrypted or decrypted by the encryption automata of the encryption module 3.

It is divided into two areas:

- a control area, for example of 4 kilobytes, in which the microcontroller IOP 6 writes the control blocks to be sent to the automata; and
- a data area, for example of 60 kilobytes, containing the data to be processed by the automata.

The encryption module 3 includes first and second encryption sub-modules  $3_1$  and  $3_2$ , respectively delimited by an enclosing broken line.

The first sub-module 3<sub>1</sub> includes an SCE (Symmetric Cipher Engine) component 9, dedicated to the processing of symmetric encryption algorithms, coupled with the bus of the dual-port memory 4.

The second sub-module  $3_2$  is dedicated to the processing of asymmetric encryption algorithms.

It is coupled with the bus of the dual-port memory 4, and includes a separate internal bus isolated from the bus of the dual-port memory 4.

It also includes:

- one or two processors CIP 10<sub>1</sub>, 10<sub>2</sub>, from the abbreviation for "Cipher Processor";
- a processor ACE 10<sub>2</sub>, from the abbreviation for "Asymmetric Cipher Processor," which in a variant of embodiment replaces one of the two cipher processors CIP 10<sub>1</sub>, 10<sub>2</sub>;

25

5

- a CMOS memory 11, for example with a storage capacity of 256 kilobytes, backed up by a battery;
- a flash memory PROM 12, from the abbreviation for "Programmable Read-Only Memory," for example with a storage capacity of 512 kilobytes; and
  - an SRAM memory 13, for example with a storage capacity of 256 kilobytes.

As illustrated in the block diagram of the figure, the SCE component 9 and the CMOS memory 11 are directly coupled with the bus of the dual-port memory DPR 4, while the processors CIP 10<sub>1</sub> and 10<sub>2</sub> and the flash 12 and SRAM 13 memories are coupled with a separate bus isolated from the bus of the dual-port memory DPR 4 by means of a bus isolator 14, also called a bus "transceiver," represented in the figure by a block with two opposing arrows.

The flash memory PROM 12 located in the bus of the processors CIP  $10_1$  and  $10_2$  contains all of the software used by the encryption module 3.

The SRAM memory 13 plays two roles:

- it enables the fast execution of the code of the processors CIP  $10_1$  and  $10_2$ ; the code is copied into the memory from the flash memory PROM 12 at power up;
- it also makes it possible to store the data temporarily during the execution of the algorithms.

This characteristic of the architecture guarantees the independence of the various encryption automata from one another.

The processor CIP  $10_1$  and the processor ACE  $10_2$  both access the dual-port memory DPR 4 in order to read or write the data to be encrypted, but the processing of the algorithms *per se* takes place entirely within their own memory space (internal cache and SRAM 13) without interfering with the SCE component 9.

The SCE component 9 integrates the various symmetric encryption automata (one automaton per algorithm) of the DES, RC4 or other type, as well as a random number generator, not represented.

Each automaton works independently from the others and accesses the dual-port memory DPR 4 in order to read its control block (written by the microcontroller IOP 6) and the corresponding data to be processed.

25

5

The parallelism of the processing thus performed makes it possible to guarantee an optimal throughput for each algorithm even when the automata are used simultaneously.

The only limitation on the processing is imposed by access to the dual-port memory DPR 4, which is shared by all of the automata.

The bandwidth of the data bus to this memory must therefore be greater than the sum of the throughputs of each algorithm in order not to limit their performance.

The SCE component 9 is produced using a programmable technology that is also known as FPGA, or "Field Programmable Gate Array," which is a programmable circuit or chip having a high logic gate density, which provides all of the flexibility required to implement new algorithms, including proprietary algorithms, on demand.

The configuration data for this component is contained in the flash memory PROM 12, and is loaded into the SCE component 9 at power up under the control of the processor CIP 10<sub>1</sub>.

The processor CIP 10<sub>1</sub>, using given programming software, implements the algorithms not implemented in the SCE component 9. It also implements asymmetric algorithms of the RSA type with or without the help of the specialized automaton implemented by the processor ACE 10<sub>2</sub>.

It performs the initialization of the security parameters (keys) via the serial link SL.

The utilization of a high-performance processor at this level guarantees optimal performance in the execution of the algorithms as well as great flexibility for the implementation of additional algorithms.

As a result of this processor, it is also possible to download proprietary algorithms via the serial link SL.

According to a first embodiment, two processors CIP 101 and 102 are implemented:

One of them  $10_1$  is required for the execution of the of the RSA algorithm; the other  $10_2$  implements the algorithms not yet supported by the SCE component 9.

According to a second embodiment, there is only one processor CIP  $10_1$  assisted by a processor ACE  $10_2$  that replaces one of the two processors CIP  $10_1$  and  $10_2$  of the first embodiment, and which implements, in programmable logic, the intensive calculation linked to the protocol of the RSA algorithm.

All of the required algorithms are implemented in programmable logic in automata of the SCE component 9.

This component is produced in programmable FPGA technology.

The CMOS memory 11 contains the keys and other secrets of the card 1. It is backed up by a battery and protected by various known security mechanisms SM 15 which, in case of abnormalities, translate them as an intrusion attempt and erase its contents.

These abnormalities are for example due to:

- an abnormal increase or decrease in the temperature;
- an abnormal increase or decrease in the supply voltage;
- a disencryption of the card;
- a physical intrusion attempt (on the card end or the host system end);
- etc.

Each of the above events triggers an alarm signal that acts on the reset mechanism of the CMOS memory 11.

1 2

#### **CLAIMS**

| 1. Architecture of an encryption circuit (1) simultaneously processing various                   |
|--------------------------------------------------------------------------------------------------|
| encryption algorithms, the circuit being capable of being coupled with a host system (HS) hosted |
| by a computing machine, characterized in that the circuit comprises:                             |
| - an input/output module (2), responsible for the data exchanges between the host system         |
| (HS) and the circuit (1) via a dedicated bus (PCI),                                              |
| - an encryption module (3) coupled with the input/output module (2), in charge of the            |
| encryption and decryption operations as well as the storage of all of the circuit's sensitive    |
| information (1); and                                                                             |
| - isolation means (4) between the input/output module (2) and the encryption module (3),         |
| making the sensitive information stored in the encryption module (3) inaccessible to the host    |
| system (HS) and ensuring the parallelism of the operations performed by the input/output         |
| module (2) and the encryption module (3).                                                        |
|                                                                                                  |
| 2. Architecture according to claim 1, characterized in that the isolation means of the           |
| circuit (1) comprises a double-port memory (4) coupled between the input/output module (2) and   |
| the encryption module (3), including its own bus and simultaneously handling the exchange of     |
| data, commands and statuses between the two modules (2 and 3), and the isolation between the     |
| two modules (2 and 3).                                                                           |
|                                                                                                  |

- 3. Architecture according to either of claims 1 and 2, characterized in that the encryption module (3) comprises:
  - a first encryption sub-module  $(3_1)$ , dedicated to the processing of symmetric encryption algorithms, coupled with the bus of the dual port memory (4);
  - a second encryption sub-module  $(3_2)$ , dedicated to the processing of asymmetric encryption algorithms (40) coupled with the bus of the dual-port memory (4) and including a separate internal bus isolated from the bus of the dual-port memory (4); and
  - a CMOS memory (11) coupled with the dual-port memory (4) via the bus of the dual-port memory containing the encryption keys.

- 4. Architecture according to claim 3, characterized in that the first encryption submodule  $(3_1)$  comprises an encryption component (9) coupled with the dual-port memory (4) via the bus of the memory (4), comprising various encryption automata, respectively dedicated to the processing of symmetric encryption algorithms, and in that the second encryption sub-module  $(3_2)$  comprises at least two encryption processors  $(10_1 \text{ and } 10_2)$ , respectively dedicated to the processing of asymmetric encryption algorithms, coupled with the encryption module (9) via the internal bus of the second sub-module  $(3_2)$ , which is isolated from the bus of the dual port memory by a bus isolator (14).
- 5. Architecture according to claim 4, characterized in that both processors (10<sub>1</sub>) and 10<sub>2</sub>) of the encryption module (3) are of the CIP type.
- 6. Architecture according to claim 4, characterized in that one  $(10_1)$  of the encryption processors  $(10_1 \text{ and } 10_2)$  is of the CIP type, and in that the other  $(10_2)$  is of the ACE type.
- 7. Architecture according to claim 4, characterized in that the encryption processor (10<sub>2</sub>) of the ACE type is produced in programmable FPGA technology.
- 8. Architecture according to any of claims 4 through 7, characterized in that the encryption module (9) is of the SCE type.
- 1 9. Architecture according to claim 8, characterized in that the encryption module (9) is produced in programmable FPGA technology.
  - 10. Architecture according to any of claims 3 through 9, characterized in that the second encryption sub-module (3<sub>2</sub>) also comprises a flash memory PROM (12) and an SRAM memory (13) coupled with the internal bus of the sub-module (3<sub>2</sub>).

1

2

| 1 | 11.         | Architecture according to any of claims 3 through 10, characterized in that the   |
|---|-------------|-----------------------------------------------------------------------------------|
| 2 | CMOS memo   | ry (11) is protected by security mechanisms (15) that trigger the reset mechanism |
| 3 | of the CMOS | memory (11) in case of an alarm.                                                  |

- 12. Architecture according to any of claims 1 through 11, characterized in that the input/output module (2) comprises:
- a microcontroller (6) comprising an input/output processor (6<sub>1</sub>) and a PCI interface (6<sub>2</sub>) integrating DMA channels responsible for executing the data transfers between the host system (HS) and the circuit (1);
  - a flash memory (7) containing the code of the input/output processor  $(6_1)$ ; and
- an SRAM memory (8) that receives a copy of the contents of the flash memory (7) at the startup of the input/output processor  $(6_1)$ .
- 13. Architecture according to any of the preceding claims, comprising a serial link (SL) that makes it possible to input basic keys through a secure path independent of the PCI bus, characterized in that the link is controlled by the encryption module (3).
- 14. Architecture according to claim 13, characterized in that the serial link (SL) allows the downloading of proprietary algorithms into the first encryption sub-module (3<sub>1</sub>).

#### **ABSTRACT**

Architecture of an encryption circuit (1) simultaneously processing various encryption algorithms, the circuit being capable of being coupled with a host system (HS) hosted by a computing machine. The circuit (1) comprises an input/output module (2), responsible for the data exchanges between the host system (HS) and the circuit via a dedicated bus (PCI), an encryption module (3) coupled with the input/output module (2), in charge of the encryption and decryption operations as well as the storage of all of the circuit's sensitive information; and isolation means (4) between the input/output module (2) and the encryption module (3), making the sensitive information stored in the encryption module (3) inaccessible to the host system (HS), and ensuring the parallelism of the operations performed by the input/output module (2) and the encryption module (3).

The applications specifically include the "hardware" protection of computer servers or stations.

**ONE FIGURE** 

Docket: T2147-906625

## IN THE UNITED STATES PATENT AND TRADEMARK OFFICE

In re application of

: Examiner:

Patrick LEQUERE

Group Art Unit:

Serial No.:

Filed: Concurrently Herewith

For: Architecture of an encryption Circuit

Implementing Various Types of

Encryption Algorithms Simultaneously:

Without a Loss of Performance : McLean, Virginia

November 7, 2000

## PROPOSED DRAWING CHANGES

**Assistant Commissioner for Patents** Washington, D.C. 20231

Sir:

Applicant requests approval of the drawing correction shown in red on

the attached sheet of drawing showing FIG. 1.

Approval is earnestly solicited.

Respectfully,

MILES & STOCKBRIDGE P.C.

Edward J. Kondracki Reg. No. 20,604

McLean VA 22102-3833 Telephone (703) 610-8627 #9124178 v1

1751 Pinnacle Drive, Suite 500







# Declaration and Power of Attorney For Patent Application Declaration Pour Demandes de Brevets Avec Pouvoirs

## French Language Declaration

| En tant qu' inventeur nomme ci-après, Je déclare par le présent acte que:                                                                                                                                                                                                                                       | As a below named inventor, I hereby declare that:                                                                                                                                                                                                                     |
|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Mon nom, mon domicile, mon adresse postale, ma nationalité sont ceux qui figurent ci-après,                                                                                                                                                                                                                     | My residence, post office address and citizenship are as stated below next to my name,                                                                                                                                                                                |
| Je déclare que je crois être l'inventeur original, premier et unique (si un seul nom figure sur le présent acte) ou un des co-inventeurs, originaux et premiers (si plusieurs noms figurent sur le present acte) du sujet revendiqué et pour liquel un brevet est demande sur la base de l'invention intitulée: | I believe I am the original, first and sole inventor (if only one name is listed below) or an original, first and joint inventor (if plural names are listed below) of the subject matter which is claimed and for which a patent is sought on the invention entitled |
| Architecture d'un circuit de chiffrement mettant en oeuvre différents types                                                                                                                                                                                                                                     |                                                                                                                                                                                                                                                                       |
| d'algorithmes de chiffrement simultanément                                                                                                                                                                                                                                                                      |                                                                                                                                                                                                                                                                       |
| sans perte de performance dont la description                                                                                                                                                                                                                                                                   | the specification of which                                                                                                                                                                                                                                            |
| (cocher la case correspondante)                                                                                                                                                                                                                                                                                 | (check one)                                                                                                                                                                                                                                                           |
| 🕱 est annexée au présent acte.                                                                                                                                                                                                                                                                                  | s attached hereto.                                                                                                                                                                                                                                                    |
| a été déposée                                                                                                                                                                                                                                                                                                   | was filed on as                                                                                                                                                                                                                                                       |
| Numéro de série de la demande                                                                                                                                                                                                                                                                                   | Application Serial No.                                                                                                                                                                                                                                                |
| et modifiée le(si approprié)                                                                                                                                                                                                                                                                                    | and was amended on(if applicable)                                                                                                                                                                                                                                     |
|                                                                                                                                                                                                                                                                                                                 |                                                                                                                                                                                                                                                                       |
|                                                                                                                                                                                                                                                                                                                 |                                                                                                                                                                                                                                                                       |
| Je déclare par le présent acte avoir examiné et compris le contenu de la description identifiée ci-dessus, revendications y compris, et le cas écheant telle que modifiée par l'amendment cité plus haut.                                                                                                       | I hereby state that I have reviewed and understand the contents of the above identified specification, including the claims, as amended by any amendment referred to above.                                                                                           |
| Je reconnais le devoir de divulguer l'information qui est en rapport avec l'examen de cette demande selon Titre 37 du Code des Reglements Fédéraux §1.56(a).                                                                                                                                                    | I acknowledge the duty to disclose information which is material to the examination of this application in accordance with Title 37, Code of Federal Regulations, §1.56(a).                                                                                           |

## French Language Declaration

Je revendique par le présent acte le bénéfice de priorité étrangère selon Titre 35, du Code des Etats-Unis, §119 de toute demande de brevet ou d'attestation d'inventeur énumérée ci-après, et j'ai identifié également ci-après toute demande étrangère de brevet ou d'attestation d'inventeur ayant une date de dépôt antérieure à celle de la demande pour laquelle la priorité est revendiquée.

I hereby claim foreign priority benefits under Title 35, United States Code, §119 of any foreign application(s) for patent or inventor's certificate listed below and have also identified below any foreign application for patent or inventor's certificate having a filing date before that of the application on which priority is claimed:

| Discontinuing applies                                                                                                                                                                | ntiana                                                                                                                                                     |                                                                                                                                                                                                                                              |                                                                                                                                                                                                                                                                                                                                               | Priority c                                                                                                                                                             | laimed                                                                                          |
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------|
| Prior foreign applica                                                                                                                                                                |                                                                                                                                                            |                                                                                                                                                                                                                                              |                                                                                                                                                                                                                                                                                                                                               | <u>Droit de</u>                                                                                                                                                        |                                                                                                 |
| Demande(s) de bre                                                                                                                                                                    | vet anteneure(s) da                                                                                                                                        | ans un autre pays:                                                                                                                                                                                                                           |                                                                                                                                                                                                                                                                                                                                               | reveno                                                                                                                                                                 | lique                                                                                           |
| FR 9914067                                                                                                                                                                           | France                                                                                                                                                     | 09 11 199                                                                                                                                                                                                                                    |                                                                                                                                                                                                                                                                                                                                               | Yes                                                                                                                                                                    |                                                                                                 |
| (Number)<br>(Numéro)                                                                                                                                                                 | (Country)<br>(Pays)                                                                                                                                        | (Day/Month/Year<br>(Jour/Mois/Année                                                                                                                                                                                                          |                                                                                                                                                                                                                                                                                                                                               | Yes<br>Oui                                                                                                                                                             | No<br>Non                                                                                       |
| (Number)<br>(Numéro)                                                                                                                                                                 | (Country)<br>(Pays)                                                                                                                                        | (Day/Month/Year<br>(Jour/Mois/Année                                                                                                                                                                                                          |                                                                                                                                                                                                                                                                                                                                               | Yes<br>Qui                                                                                                                                                             | No<br>Non                                                                                       |
| (Number)<br>(Numéro)                                                                                                                                                                 | (Country)<br>(Pays)                                                                                                                                        | (Day/Month/Year<br>(Jour/Mois/Année                                                                                                                                                                                                          |                                                                                                                                                                                                                                                                                                                                               | Yes<br>Oui                                                                                                                                                             | No<br>Non                                                                                       |
| du Code des Etats-<br>ricaines énumérée(s<br>de chacune des rev<br>divulgué dans la der<br>dèfinie par le premi<br>Etats-Unis, §112, je<br>mation pertinente s<br>Fédéraux, §1.56(a) | Unis, §120 de toutes) ci-après et, dans rendications de cet mande américaine e reconnais le devotelon Titre 37 du Co, toute information la demande antérie | énéfice selon Titre 35 e(s) demande(s) améla mesure où le sujet te demande n'est pas antérieure, de la façon Titre 35 du Code des pir de divulguer l'inforcode des Réglements qui se présente entre ure et la date de dépôt ernationale PCT. | I hereby claim the benefit under §120 of any United States applinsofar as the subject matter of application is not disclosed in the cation in the manner provided by 35, United States Code, §112, disclose material information as Federal Regulations, §1.56(a) of filing date of the prior application international filing date of this a | olication(s) listed by feach of the clair he prior United States by the first paragraph, I acknowledge the defined in Title 37 which occurred between and the national | elow and,<br>ms of this<br>attes appli-<br>ph of Title<br>he duty to<br>7, Code of<br>tween the |
| (Application Se<br>(No. de Den                                                                                                                                                       | •                                                                                                                                                          | (Filing Date)<br>(Date de Dépôt)                                                                                                                                                                                                             | (Etat)<br>(brevetée, pendante,<br>abandonné)                                                                                                                                                                                                                                                                                                  | (Status)<br>(patented, pendi<br>abandoned)                                                                                                                             | ng,                                                                                             |
| (Application Si<br>(No. de Der                                                                                                                                                       |                                                                                                                                                            | (Filing Date)<br>(Date de Dépôt)                                                                                                                                                                                                             | (Etat)<br>(brevetée, pendante,<br>abandonnée)                                                                                                                                                                                                                                                                                                 | (Status)<br>(patented, pendi<br>abandoned)                                                                                                                             | ing,                                                                                            |

Je déclare par le présent acte que toutes mes déclarations, à ma connaissance, sont vraies et que toutes les déclarations faites à partir de renseignements ou de suppositions, sont tenues pour être vraies; de plus, toutes ces declarations ont été faites en sachant que de fausses déclarations volontaires u autres actes de même nature sont sanctionées par une amende ou un emprisonnement, ou les deux, selon la Section 1001, du Titre 18 de Code des Etats-Unis et que de selles déclarations délibérément fausses peuvent compromettre la validité de la demande ou du brevet délivré.

I hereby declare that all statements made herein of my own knowledge are true and that all statements made on information and belief are believed to be true; and further that these statements were made with the knowledge that willful false statements and the like so made are punishable by fine or imprisonment, or both, under Section 1001 of Title 18 of the United States Code and that such willful false statements may jeopardize the validity of the application or any patent issued thereon.

## French Language Declaration

POUVOIR: En tant qu'inventeur, je désigne l'(les) avocat(s) et/ou l'(les) agent(s) suivant(s) pour poursuivre la procédure de cette demande et traiter toute affaire la concernant supris du Bureau des Brevets et de Marques:

Harold L. Stowell, Reg. 17,233 Edward J. Kondracki, Reg. 20,604 Dennis P. Clarke, Reg. 22,549 William L. Feeney, Reg. 29,918 John C. Kerins, Reg. 32,421 POWER OF ATTORNEY: As a named inventor, I hereby appoint the following attorney(s) and/or agent(s) to prosecute this application and transact all business in the Patent and Trademark Office connected therewith. (*list name and registration number*)

Harold L. Stowell, Reg. 17,233 Edward J. Kondracki, Reg. 20,604 Dennis P. Clarke, Reg. 22,549 William L. Feeney, Reg. 29,918 John C. Kerins, Reg. 32,421

Adresser toure correspondance à:

Edward J. Kondracki, Esq. KERKAM, STOWELL, KONDRACKI

& CLARKE, P.C.

5203 Leesburg Pike, Suite 600

Falls Church, VA 22041

Adresser toute communication téléphonique à:

₹Nom) (Numéro de téléphone)

T

Edward J. Kondracki, Esq.

(703) 998-3302

Send Correspondence to:

Edward J. Kondracki, Esq. KERKAM, STOWELL, KONDRACKI

& CLARKE, P.C.

5203 Leesburg Pike, Suite 600

Falls Church, VA 22041

Direct Telephone Calls to: (name and telephone number)

Edward J. Kondracki, Esq. (703) 998-3302

| lom complet du seul ou premier inventeur E QUERE Patrick                  | Full name of sole or first inventor        |      |
|---------------------------------------------------------------------------|--------------------------------------------|------|
| Signature de l'inventeur  30 Novembre 1999                                | Inventor's signature                       | Date |
| Pomicile<br>4, allée Pierre Ronsard 91140 VILLEBON sur YVETTE FRA         | Residence<br>ANCE                          |      |
| Nationalité<br>Française                                                  | Citizenship                                |      |
| Adresse Postale<br>14, allée Pierre Ronsard 91140 VILLEBON sur YVETTE FRA | Post Office Address                        |      |
| Nom complet du second co-inventeur, le cas echeant                        | Full name of second joint inventor, if any |      |
| Signature de l'inventeur Date                                             | Second Inventor's signature                | Date |
| Domicile                                                                  | Residence                                  |      |
| Nationalité                                                               | Citizenship                                |      |
|                                                                           | Post Office Address                        |      |
| Adresse Postale                                                           |                                            |      |

(Fournir les mêmes renseignements et la signature de tout co-inventeur supplémentaire.)

(Supply similar information and signature for third and subsequent joint inventors.)

Page 3 of 3